RTC Python SSLv3 - python

I am investigating whether we can use the IBM RTC API to create a workitem, get a workitem, etc. using Python scripting. I came across the Python library "rtcclient", which can achieve the required tasks; however, I am unable to use it since I get the error "SSLV3 Handshake Error" during the rtcclient call. I receive the same error with the requests.get function as well:
requests.exceptions.SSLError: HTTPSConnectionPool(host='clm.demo.com', port=9443): Max retries exceeded with url: /jazz/authenticated/identity (Caused by SSLError(SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:726)'),))
I am able to retrieve the same details via a cURL command; however, Python still throws the error. Below are my version details:
IBM RTC CLM: 6.0.2
Python: 3.7.6
Libraries installed : cryptography, httplib2, pyopenssl, rtcclient, requests

Related

What causes SSLCertVerificationError, CERTIFICATE_VERIFY_FAIL when using Python on Windows?

If I do this:
import requests
url = 'https://us-street.api.smartystreets.com/i/redacted/the/url/because/its/an/api/call/with/private/info'
r = requests.get(url)
I get this:
SSLError: HTTPSConnectionPool(host='us-street.api.smartystreets.com', port=443): Max retries exceeded with url: /i/redacted/the/url/because/its/an/api/call/with/private/info (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')))
However, when I put the URL directly into my Chrome browser, I get a response.
The key here is that the request works through the browser, so it's probably something limited to Python. Some sleuthing leads us to the following:
https://stackoverflow.com/a/65860355/5478086
The difference between the above post and our case is that our request still works when verify=False, so the problem is not on the server's side, but on our side. And so, we try the above answer:
pip install python-certifi-win32
Or on Anaconda
conda install -c conda-forge python-certifi-win32
(h/t to iambr from this post.)
And now we can successfully make and verify requests from the above domain.

Python Requests fails on a specific HTTPS site, although its certificate is valid

We're using a Python package that internally uses requests to access an online service. The service is located at https://dsbox02.isi.edu:8888/ . If you follow the link with your browser, you'll see that the page opens up, and that it has a valid certificate.
The following Python code, however, fails:
import requests
requests.get('https://dsbox02.isi.edu:8888')
requests.exceptions.SSLError: HTTPSConnectionPool(host='dsbox02.isi.edu', port=8888): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)')))
This happens on Windows 10 and Python 3.7, Ubuntu 18.04 and Python 3.6 and the python:latest docker image, with Python 3.9. On a Mac with Python 3.8 it does work.
There are some SSL certificates that are not trusted in all web browsers. You may need to install an intermediate/chain certificate to link it to a trusted root certificate.
The easiest way is to check your website with an SSL checker, such as: https://www.sslshopper.com/ssl-checker.html#hostname=https://dsbox02.isi.edu:8888/

What's the most portable way to make python3 make insecure (e.g. 3DES, RC4) HTTPS requests?

For proper vulnerability scanning it's necessary that python3 speaks insecure HTTPS, to avoid overlooking a vulnerable website just because openssl wouldn't talk to it because it was still using SSLv3 or 3DES. After all, those old servers mostly also have the vulnerable applications running on them ;) Compiling my own openssl with enable-weak-ciphers doesn't look like a good option because every user of the scanner would also have to do the same.
The OpenSSL 1.1.1 on my system wouldn't talk to these sites using python3 + requests:
10000-sans.badssl.com
3des.badssl.com
client.badssl.com
client-cert-missing.badssl.com
dh480.badssl.com
dh512.badssl.com
null.badssl.com
rc4.badssl.com
rc4-md5.badssl.com
subdomain.badssl.com
wrong.badssl.com
(I assume there's no way to get this done using requests and pyopenssl without recompiling openssl, so no need to post my code.)
Also this tip didn't work:
http://www.pybloggers.com/2017/02/configuring-tls-with-requests/
This throws this error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='3des.badssl.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:852)'),))
Any ideas on how to get it done without recompiling openssl?
thx
2d4d

Snowflake AWS Privatelink - Python Connector Error Max retries exceeded with url: /session/v1/login-request?

We recently configured AWS PrivateLink to our Snowflake account and updated the Python connector (v.1.8.0) properties to use the PrivateLink URL.
The connection keeps failing with the error below.
Failed to execute request: HTTPSConnectionPool(host='testaccount.us-west-2.privatelink.snowflakecomputing.com', port=443): Max retries exceeded with url: /session/v1/login-request?warehouse=TEST_WH&request_id=12345&request_guid=f5467 (Caused by ProtocolError('Connection aborted.', BadStatusLine("''",)))
Has anyone encountered this issue when using AWS privatelink?
Any inputs would be greatly appreciated.
On the host where you are running Python, if Linux or OS X, can you run:
curl -v -L https://testaccount.us-west-2.privatelink.snowflakecomputing.com:443
Do you know if you have a proxy in place allowing your Web URL to work?
https://www.digitalcitizen.life/how-set-proxy-server-all-major-internet-browsers-windows
That error is because the python code is unable to reach the privatelink URL. Either it's on a host that is blocked, there is a firewall blocking, or you require a proxy.

Braintree - how to reset retries in braintree

I am using Braintree with Python and Swift. Can anyone tell me how to reset retries in Braintree?
I am getting this error:
SSLError: HTTPSConnectionPool(host='api.sandbox.braintreegateway.com', port=443): Max retries exceeded with url: /merchants/merchantid/client_token (Caused by SSLError(SSLError(1, u'[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)'),))
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
The "retries exceeded" error seems to be a red herring that really points to an SSL incompatibility. The SSL: TLSV1_ALERT_PROTOCOL_VERSION SSLError indicates that the host URL api.sandbox.braintreegateway.com will not accept your TLS version.
Starting on December 16, 2016, Braintree deprecated Sandbox's support of TLSv1.1 in favor of TLSv1.2; you can read about it in this blog post.
To fix this issue, you will want to check which version of OpenSSL your machine is running using Terminal:
$ python3 -c "import ssl; print(ssl.OPENSSL_VERSION)"
If the OpenSSL version is not 1.0.1+, you will need to update OpenSSL to the latest version, which supports TLSv1.2. If you are using Homebrew, you can follow the instructions outlined here.
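
Added example, not part of any post above: the "Max retries exceeded" wrapper hides the OpenSSL reason code that tells the failures on this page apart. The sketch below pulls that code out of a requests error string and reports what the local interpreter's TLS stack supports; the function names and the cause summaries are this example's own, and the sample string is copied from the Braintree question.

```python
import re
import ssl

# OpenSSL reason codes from the tracebacks quoted on this page. The cause text
# is a summary written for this example, not output of OpenSSL or requests.
CAUSES = {
    "SSLV3_ALERT_HANDSHAKE_FAILURE": "server could not negotiate parameters, commonly no shared cipher",
    "TLSV1_ALERT_PROTOCOL_VERSION": "server rejected the TLS version this client offered",
    "CERTIFICATE_VERIFY_FAILED": "chain did not validate against the local trust store",
}
# Detail OpenSSL appends to CERTIFICATE_VERIFY_FAILED ("self signed" is
# spelled "self-signed" by OpenSSL 3, so match on the common tail).
VERIFY_DETAILS = {
    "signed certificate in certificate chain": "chain ends in a root missing from Python's CA bundle",
    "unable to get local issuer certificate": "issuer not found: missing intermediate or unknown root",
}
ERR_RE = re.compile(r"host='(?P<host>[^']+)', port=(?P<port>\d+).*?"
                    r"\[SSL: (?P<reason>[A-Z0-9_]+)\] (?P<text>[^(]*)\(_ssl\.c:\d+\)", re.S)

def triage(message):
    """Parse a requests SSLError string; return None when it is not a TLS failure."""
    m = ERR_RE.search(message)
    if m is None:
        return None
    cause = CAUSES.get(m["reason"], "unrecognised reason code")
    for tail, detail in VERIFY_DETAILS.items():
        if tail in m["text"]:
            cause = detail
    return {"host": m["host"], "port": int(m["port"]), "reason": m["reason"], "cause": cause}

def local_tls_report():
    """Fuller version of the OPENSSL_VERSION one-liner from the Braintree answer."""
    ctx = ssl.create_default_context()
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "at_least_1_0_1": ssl.OPENSSL_VERSION_INFO[:3] >= (1, 0, 1),
        "has_tls12": ssl.HAS_TLSv1_2,
        "minimum_version": ctx.minimum_version.name,
        # CA file used by the stdlib ssl module; requests uses certifi's bundle instead.
        "stdlib_cafile": ssl.get_default_verify_paths().cafile,
    }

# Error text copied from the Braintree question on this page.
SAMPLE = ("SSLError: HTTPSConnectionPool(host='api.sandbox.braintreegateway.com', port=443): "
          "Max retries exceeded with url: /merchants/merchantid/client_token (Caused by "
          "SSLError(SSLError(1, u'[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol "
          "version (_ssl.c:590)'),))")

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(local_tls_report())
```

A None result, as for the Snowflake ProtocolError above, means the connection failed outside the TLS handshake and the TLS stack is not the place to look.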